CVE-2021-47768

MEDIUM

Cleidigh Importexporttools NG - XSS

Title source: rule

Description

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data or session credentials.

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsmultiple

https://www.exploit-db.com/exploits/50496

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/50496

[Product] https://github.com/thundernest/import-export-tools-ng

[Product] https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/

[Third Party Advisory] https://www.vulnerability-lab.com/get_content.php?id=2308

Scores

CVSS v3 6.1

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

cleidigh/importexporttools_ng 10.0.4

Published Jan 15, 2026

Tracked Since Feb 18, 2026